Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
16/05/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
16/05/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
Request Technology - Craig Johnson
San Francisco, California
*We are unable to sponsor for this Remote permanent role* *Position is bonus eligible* Prestigious Enterprise Company is currently seeking a Senior RBAC Engineer, preferably with strong SailPoint experience. This individual will be a technical leader in RBAC solutions and should also be able to effectively collaborate, acting as a liaison with business and technology partners. This role requires extensive background and experience in Identity Management and Role-based Access Control. Responsibilities: Analyze the users, including their workflows and the resources they need. Conduct audits of the roles on an ongoing basis to keep them up to date and align them with current requirements. Create a basic role that includes the access every user needs. Determine which roles have a common set of access requirements. Ensure RBAC is integrated across all systems across the organization. Establish a process for handling role changes, including setting up and decommissioning users. Identify the resources that require access control. Qualifications: 8+ years of IT experience with 5+ years developing and implementing enterprise RBAC solutions Excellent written and verbal communication Collaborative approach to problem solving Work well under pressure to produce results Sensitivity to business processes and drivers Demonstrated history of influencing change within teams and across the organization Bachelor's and/or Master's degree in Computer Science, Computer Engineering, Information Systems, etc. (or demonstrated professional experience)
14/05/2024
Full time
*We are unable to sponsor for this Remote permanent role* *Position is bonus eligible* Prestigious Enterprise Company is currently seeking a Senior RBAC Engineer, preferably with strong SailPoint experience. This individual will be a technical leader in RBAC solutions and should also be able to effectively collaborate, acting as a liaison with business and technology partners. This role requires extensive background and experience in Identity Management and Role-based Access Control. Responsibilities: Analyze the users, including their workflows and the resources they need. Conduct audits of the roles on an ongoing basis to keep them up to date and align them with current requirements. Create a basic role that includes the access every user needs. Determine which roles have a common set of access requirements. Ensure RBAC is integrated across all systems across the organization. Establish a process for handling role changes, including setting up and decommissioning users. Identify the resources that require access control. Qualifications: 8+ years of IT experience with 5+ years developing and implementing enterprise RBAC solutions Excellent written and verbal communication Collaborative approach to problem solving Work well under pressure to produce results Sensitivity to business processes and drivers Demonstrated history of influencing change within teams and across the organization Bachelor's and/or Master's degree in Computer Science, Computer Engineering, Information Systems, etc. (or demonstrated professional experience)
*Remote But not allowed in the following States: Alaska, North Dakota, Nebraska, Hawaii, Oklahoma, Vermont, Maine, West Virginia, Wyoming, New Hampshire, Puerto Rico.* A prestigious company is looking for a Sr. RBAC Engineer. This person will need to be an expert with Role Based Access Control and will preferably work with SailPoint IAM. Responsibilities/Qualifications: Analyze the users, including their workflows and the resources they need. Conduct audits of the roles on an ongoing basis to keep them up to date and align them with current requirements. Create a basic role that includes the access every user needs. Determine which roles have a common set of access requirements. Ensure RBAC is integrated across all systems across the organization. Establish a process for handling role changes, including setting up and decommissioning users. Identify the resources that require access control. Include the principles of RBAC and how it works in employee training programs. Take care not to create too many roles. Have a written policy for how the role-based access control system should be used, including detailing the process for making changes. Be receptive to input from managers and users about how the RBAC system can be optimized and make relevant changes as needed. Continually evaluate roles and security status. Consider the reason and implications request for any change to users' permissions before implementing changes. Enforce security protocols related to permissions. SailPoint Experience.
14/05/2024
Full time
*Remote But not allowed in the following States: Alaska, North Dakota, Nebraska, Hawaii, Oklahoma, Vermont, Maine, West Virginia, Wyoming, New Hampshire, Puerto Rico.* A prestigious company is looking for a Sr. RBAC Engineer. This person will need to be an expert with Role Based Access Control and will preferably work with SailPoint IAM. Responsibilities/Qualifications: Analyze the users, including their workflows and the resources they need. Conduct audits of the roles on an ongoing basis to keep them up to date and align them with current requirements. Create a basic role that includes the access every user needs. Determine which roles have a common set of access requirements. Ensure RBAC is integrated across all systems across the organization. Establish a process for handling role changes, including setting up and decommissioning users. Identify the resources that require access control. Include the principles of RBAC and how it works in employee training programs. Take care not to create too many roles. Have a written policy for how the role-based access control system should be used, including detailing the process for making changes. Be receptive to input from managers and users about how the RBAC system can be optimized and make relevant changes as needed. Continually evaluate roles and security status. Consider the reason and implications request for any change to users' permissions before implementing changes. Enforce security protocols related to permissions. SailPoint Experience.
NO SPONSORSHIP Sr. RBAC Engineer - Expert Salary: $150k to $200k plus 20% bonus Remote - NO Alaska, North Dakota, Nebraska, Hawaii, Oklahoma, Vermont, Maine, West Virginia, Wyoming, New Hampshire, Puerto Rico. We need an RBAC expert preferably with SailPoint but not a must. You will own this space. IAM roles based Access Control will need to speak on it, will be a 10 out of 10. With role-based access control, permissions are based exclusively on roles, which simplifies administration. When a user's position changes, including if they sever relations with the organization, administrators simply change their role, and permissions are automatically updated. Using RBAC, users can be assigned multiple roles. User role assignment defines users' permission or access rights based on a role or task. User role authorization confirms that a user is approved for a role and to perform related functions. User role permission and access rights define specifically what a user can and cannot do. Access Modification Sharing Analyze the users, including their workflows and the resources they need. Conduct audits of the roles on an ongoing basis to keep them up to date and align them with current requirements. Create a basic role that includes the access every user needs. Determine which roles have a common set of access requirements. Ensure RBAC is integrated across all systems across the organization. Establish a process for handling role changes, including setting up and decommissioning users. Identify the resources that require access control. Include the principles of RBAC and how it works in employee training programs. Take care not to create too many roles. Role-based access control helps organizations adhere to the data protection and privacy requirements set forth in myriad regulations by restricting access to resources.
13/05/2024
Full time
NO SPONSORSHIP Sr. RBAC Engineer - Expert Salary: $150k to $200k plus 20% bonus Remote - NO Alaska, North Dakota, Nebraska, Hawaii, Oklahoma, Vermont, Maine, West Virginia, Wyoming, New Hampshire, Puerto Rico. We need an RBAC expert preferably with SailPoint but not a must. You will own this space. IAM roles based Access Control will need to speak on it, will be a 10 out of 10. With role-based access control, permissions are based exclusively on roles, which simplifies administration. When a user's position changes, including if they sever relations with the organization, administrators simply change their role, and permissions are automatically updated. Using RBAC, users can be assigned multiple roles. User role assignment defines users' permission or access rights based on a role or task. User role authorization confirms that a user is approved for a role and to perform related functions. User role permission and access rights define specifically what a user can and cannot do. Access Modification Sharing Analyze the users, including their workflows and the resources they need. Conduct audits of the roles on an ongoing basis to keep them up to date and align them with current requirements. Create a basic role that includes the access every user needs. Determine which roles have a common set of access requirements. Ensure RBAC is integrated across all systems across the organization. Establish a process for handling role changes, including setting up and decommissioning users. Identify the resources that require access control. Include the principles of RBAC and how it works in employee training programs. Take care not to create too many roles. Role-based access control helps organizations adhere to the data protection and privacy requirements set forth in myriad regulations by restricting access to resources.